The Enforcement Factsheet

Enhancing anti-financial crime compliance and risk management: A focus on the FIAU's supervision findings for 2021 and 2022

insight featured image
Compliance with anti-money laundering and countering financing of terrorism ('AML and CFT') obligations is not a new topic for subject persons. In fact, in recent years, Malta has witnessed drastic changes in measures being implemented to effectively combat money laundering and funding of terrorism. This is even evident in the increased efforts by the Financial Intelligence Analysis Unit (the 'FIAU') to ensure that all subject persons are doing their part in the prevention, detection, and mitigation of these crimes.
List of Contents


The FIAU undertakes compliance reviews on subject persons. 

The FIAU's Supervision Section conducts examinations, with the involvement of either the Malta Financial Services Authority (the 'MFSA') or the Malta Gaming Authority (the 'MGA'), depending on the sector under review. Cases resulting from these examinations are categorised based on their seriousness and materiality which include identified breaches, the extent of adherence to AML and CFT obligations by the subject person, cooperation level, as well as the size and sector of the subject person. 

Upon conclusion of examinations, officials from the Enforcement Section present cases to the Compliance Monitoring Committee (the 'CMC'). The CMC evaluates whether potential breaches of AML and CFT obligations have occurred and determines appropriate administrative measures if a breach is confirmed. 


Typologies: Common weaknesses identified by the FIAU.

Recently, the FIAU issued an enforcement factsheet to guide all subject persons in Malta in improving their AML and CFT control. This publication shows that the FIAU found weaknesses in different areas of AML and CFT compliance throughout 2021 and 2022. Nonetheless, the FIAI documented some of the highest number of AML & CFT weaknesses relating to transaction monitoring as well as identification and verification measures. 

The breaches relating to transaction monitoring refer to the lawful obligation to carry out transaction scrutiny as part of ongoing monitoring on the clients. Conversely, breaches relating to the identification and measures refer to the process undertaken by the subject person to not only identify the beneficial owner of their customer, but also verify their position. In the following sections of this article, reference to case examples of these types of breaches could be found alongside tips for the subject persons to better adhere to legal obligations. 


Implementing effective transaction monitoring.

One example provided in the factsheet concerns a land-based casino which failed to obtain information required to carry out effective transaction monitoring. Furthermore, they also failed to obtain any documentation which corroborates the customer's source of wealth. The land-based casino had a customer who exchanged over €100,000 in chips and lost around €90,000 during a twenty-day period at the end of 2019. Afterwards, it was determined that the player exchanged over €980,000 in two years. Although the customer deposited a large amount of money, the casino did not carry our adequate transaction monitoring as they relied on open-source intelligence on the person. 

Transaction scrutiny is an essential mechanism for customer due diligence since this enables the subject person to be more vigilant and thus, be more likely to identify suspicious activity being undertaken by the customer. This could either be done by manually checking transactions carried out by the clients, or else by employing an automated program which highlights any suspicious transactions. To carry out transaction scrutiny in an effective manner, reference could be made to the Implementing Procedures and the FIAU's guidance note titled                                           "A Look Through the Obligation of Transaction Monitoring". 


Reducing anonymity by identifying and verifying beneficial owners.

The publication also emphasised the importance of having robust identification and verification procedures, especially linked to the ownership and control structures of corporate customers. 

In one case, a group structure chart was collected by a subject person in relation to a corporate customer where 80% of its shares were held through a trust, while the remaining 20% was held through a company, which in turn was owned by a foundation. The structure chart and letter explaining the ownership and control structure of the corporate customer were not considered sufficient for verification, as it was certified by the trustee of the trust holding shares in the corporate customer. Moreover, the higher the risk the more independent the documents requested need to be. 

Moreover, the trustee's certification only covered the part of the structure leading to the corporate customer, omitting details about the foundation and its beneficiaries. Therefore, it cannot guarantee a comprehensive understanding of the ownership structure. 

Gathering thorough documentation in all aspects of the structure, including details about the corporate customer, its subsidiaries, affiliated entities, its beneficiaries, and relevant legal documents such as trust deeds or articles of incorporation are recommended. Documents should be certified independently by parties with no conflicts of interest. Tracing the source of funds used to establish and maintain each entity within the ownership structure is recommended by reviewing financial statements, transaction records, and other relevant documentation to confirm legitimacy. 


Grant Thornton: Your Partner in Growth!

As a solutions-oriented firm, Grant Thornton takes pride in being more than just advisors. We are a team of industry-focused professionals, including regulatory compliance and risk management experts, ready to navigate the intricate landscape of Malta's financial crime regulation alongside you. Our commitment is to provide tailored solutions, ensuring that your focus remains dedicated to the creative heart of your business. 

Engaging with Grant Thornton means entrusting your financial and operational complexities to a dedicated partner, allowing you the freedom to channel your energies where they are most needed. Here's how we seamlessly become an extension of your team: 

  • Document Preparation - Grant Thornton assists in preparing and / or reviewing of policies and procedures to document your internal controls which combat money laundering and financing of terrorism, freeing you to concentrate on your business operations. 
  • Streamlining Non-Care Activities - Businesses often grapple with non-core activities such as compliance, risk-management, and internal audit functions. Grant Thornton takes charge of these essential but time-consuming tasks, allowing you to immerse yourself fully in the strategic part of the business.
  • Optimising Due Diligence Processes - Navigating through the due diligence process can prove complex, especially for small-medium enterprises. Grant Thornton applies these processes on your behalf, enabling you to focus on other aspects of the business operations. 

By engaging Grant Thornton, you aren't just outsourcing tasks; you're gaining a strategic partner dedicated to amplifying your success. 


Ready to elevate your business? Connect with Grant Thornton and experience a partnership where your vision thrives, and your focus remains steadfast on your core business activities. Let us handle the rest - because your creativity deserves an unbridled stage.